package cn.com.header.zbpk.web.security;

import cn.com.header.core.support.web.JsonViewData;
import cn.com.header.core.support.web.RequestUtil;
import cn.com.header.core.support.web.ResultCode;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 权限不够
 *
 * @author liangzhongqiu
 * @date 2017-08-04
 * @time 10:00:00
 */
public class DefaultAccessDeniedHandler extends AccessDeniedHandlerImpl {

    /**
     * 无权限响应
     */
    private static JsonViewData noAuthResponseView = new JsonViewData(ResultCode.NO_AUTH, "对不起，您无访问该资源的权限！");


    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        if (RequestUtil.isAjax(request)) {
            noAuthResponseView.write(response);
            return;
        }
        super.handle(request, response, accessDeniedException);
    }
}
